Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMieweb Enterprise Health
APPMiewebrc202309rc202403rc202409rc202503
Powiązane podatności
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows a...
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows ...
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. A...
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The im...
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, auth...